Security is increasingly important, such that security and/or identification mechanisms are also very important. Such mechanisms are vulnerable to attack through stealing passwords or codes. One attempt to overcome such vulnerabilities is to use an aspect of the human individual which cannot easily be copied, such as fingerprints or retinal “prints”. However, these biometric characteristics may still be copied or forged.
The protocol used to verify a password is quite simple, and usually involves comparing an encrypted version of the password with a stored encrypted copy. The weakness is the difficulty of remembering all the passwords and PINs that modem life requires without writing them all down (unencrypted) and posting them in an obvious place or using easily-guessed personal information. As a result, the apparent security of a password can be illusory. Programs such as L0phtCrack and its commercial derivative, L4 (Password), have shown that many passwords can be guessed by attacks which try long lists of common words, enhanced by random extensions.
The common PIN or password is easy to describe to others. One can easily be impersonated by someone who knows the password, such that it is not very safe from eavesdroppers. Users must also make considerable effort to remember all of the passwords being used. However, the protocol used to verify a password is quite simple. Therefore, solutions to the above problems should also be easy to use, but also safer from impersonation. Verification should also be easy.
Some attempts to overcome these problems have involved maintaining at least some information in the mind of a user. This information may then be used for security and/or identification, optionally through some type of mental function or effort (other than memory alone).
Previous efforts to create better schemes for identifying human individuals to computers have focused on defeating the efforts of an observer or wire-tapping eavesdropper by requiring the human individual to perform mathematical calculations involving a shared secret. Matsumoto's 1991 and 1996 papers, for example, require the user to perform the XOR of a supplied bit string with a memorized bit string, and report the parity of the result to the computer, and/or other calculations. While this may be within the mental arithmetic capabilities of some programmers, it seems too complex for general use. The method requires the use of a shared secret password, in this case a secret bit string, of which the user is completely aware. Hopper and Blum (2000) explore more complicated protocols which, they argue, reduce the complexity of the computation that the human individual must perform.
The literature of psychophysics and cognitive psychology has many studies of “imprinting” phenomena, simple behaviors or recognitions which are quickly learned, and can be retrieved much later with little effort. Obviously the “imprint” cannot be captured by external inspection. Many “imprinted” processes are stored with little conscious awareness of what was learned, so that an individual cannot tell another person about the contents of such an imprint. One example of low awareness “imprinting” involves viewing pictures. A very large database of images could be used, from which certain image(s) could be selected for viewing. If an individual were to view a previously shown image, grouped with another image that had not been previously shown, the individual could select the previously seen image with high confidence, even long after the initial training.
One use of imprinting is found in the work of Dhamija and Perrig (2000), who have the user select a small group, their portfolio, of images from a larger set of images. Recognition of these images certifies the user. The taught protocols emphasize making the user aware of the selected images, and using the same images repeatedly for identification. The motivation was to achieve more natural human factors, “pictures replacing passwords,” at a modest security level. However; repetitive use of pictures could easily lead to similar problems as for regular passwords, namely that an eavesdropper could steal such a “picture password”.
A scheme recently described by researchers at Microsoft (Microsoft) uses cued recognition of artificially generated Rorschach patterns to generate passwords which would be too long to remember and impossible to guess. The user is shown a set of pictures and asked to assign a word to each, keeping it secret. Letters selected from these words become the password for subsequent certification. The pictures provide cues to recall the chosen words, and thus the passwords. Again it appears that the evaluation that is done is of the password cued by the pictures, and does not involve a probabilistic assessment of error. Furthermore, it is still possible to steal the images, which are used repetitively, and/or to otherwise attack the password itself.